<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" title="Default" href="main.css" type="text/css" />
</head>

<body>
<h2 align="center">Rules Management</h2>
<hr/>
<center>Note: changes won't go into effect until you restart the server.</center>

<?
	#before we do anything, we need to submit any changes that were passed via POST (or GET since we don't really check in $request)
	my $rule_name = $request->get("rule_name");
	if ($rule_name =~ m/\w+:\w+/i) {	#if we have a value matching the pattern "Type:Name", we can assume we want to make the change
		my $rule_value = $request->get("rule_value");	#not safe from injection, should be able to just escape quotes
		my $q3 = "UPDATE rule_values SET rule_value = '$rule_value' WHERE rule_name = '$rule_name'";
		my $res3 = $EQDB->query($q3);
		print "<center>\n\t";
		if ($res3) {	# && ($EQDB->affected_rows > 0)
			print "<font color=\"green\">$rule_name successfully changed to '$rule_value'</font><br>\n";
		} else {
			my $errno3 = $EQDB->get_errno;
			my $err3 = $EQDB->error;
			print "<font color=\"red\">Update of $rule_name to '$rule_value' failed! (Error $errno3: $err3)</font><br>\n";
		}
		print "</center>\n";
	}
	#for some reason, when we submit a change, we go back to the default view

	my $ruleset_id = $request->get("ruleset_id", 1);	#if we don't put a value, this gets defaulted to 0 no matter what we put for the default value using getInt, so we'll just do our own check
	if ($ruleset_id !~ m/^[0-9]+$/) {$ruleset_id = 1;}	#this should default any non-numeric values (particularly blank ones), also making it free from injections
	my $rule_type = $request->get("rule_type", "All");	#not safe from injection as-is
	if ($rule_type !~ m/^\w+$/i) {$rule_type = "All";}	#this should make it safe from injection, but may cause issues if we start using non-alphanumeric characters in the first part of the rule_name

	#now, we'll put together a list of the rule categories that we can filter by
	print "<center>\n\t";

	if ($rule_type eq "All") {print "<b>";}
	print "<a href=\"rules.html?ruleset_id=$ruleset_id&rule_type=All\">All</a>";
	if ($rule_type eq "All") {print "</b>";}

	my $q = "SELECT DISTINCT(SUBSTRING(rule_name, 1, LOCATE(':', rule_name) - 1)) AS rule_type FROM rule_values WHERE ruleset_id = '$ruleset_id' ORDER BY rule_type ASC";
	my $res = $EQDB->query($q);
	if ($res) {
		while (my $row = $res->fetch_row_hash) {
			print " | \n\t";
			if ($rule_type eq $row->{rule_type}) {print "<b>";}
			print "<a href=\"rules.html?ruleset_id=$ruleset_id&rule_type=$row->{rule_type}\">$row->{rule_type}</a>";
			if ($rule_type eq $row->{rule_type}) {print "</b>";}
		}
	}

	print "\n</center>\n";

	#next, we create the table, including the first line which will let us put in a new rule from scratch (eventually)
	print "<table align=\"center\" border=\"1\" cellspacing=\"2\" cellpadding=\"3\" class=\"zonelist\">\n";
	print "\t<tr>\n";
	print "\t\t<th width=1 nowrap>Type</th>\n";
	print "\t\t<th width=1 nowrap>Name</th>\n";
	print "\t\t<th width=1 nowrap>Value</th>\n";
	print "\t\t<th width=1 nowrap>Notes</th>\n";
	print "\t\t<th width=1 nowrap></th>\n";
	#print "\t\t<th width=1 nowrap></th>\n";
	print "\t</tr>\n";
	#print "\t<tr>\n";
	#print "\t\t<td></td>\n";
	#print "\t\t<td></td>\n";
	#print "\t\t<td></td>\n";
	#print "\t\t<td></td>\n";
	#print "\t\t<td colspan=\"2\"><button>Add</button></td>\n";
	#print "\t<tr>\n";

	#lastly, output any matching rules
	my $w2 = "WHERE ruleset_id = '$ruleset_id'";
	if ($rule_type ne "All") {
		$w2 .= " AND rule_name LIKE '$rule_type:%'";
	}
	my $q2 = "SELECT ruleset_id, SUBSTRING(rule_name, 1, LOCATE(':', rule_name) - 1) AS rule_type, SUBSTRING(rule_name, LOCATE(':', rule_name) + 1) AS rule_name_short, rule_name, rule_value, notes FROM rule_values $w2 ORDER BY rule_name ASC";
	my $res2 = $EQDB->query($q2);
	if ($res) {
		while (my $row2 = $res2->fetch_row_hash) {
			print "\t<tr>\n";
			print "\t\t<form method=\"POST\" action=\"rules.html?ruleset_id=$ruleset_id&rule_type=$rule_type\">\n";
			print "\t\t<input type=\"hidden\" name=\"ruleset_id\" value=\"$ruleset_id\">\n";	#if we don't pass this in POST, for some reason we don't pick them up from the GET info from the form action
			print "\t\t<input type=\"hidden\" name=\"rule_type\" value=\"$rule_type\">\n";	#ditto
			print "\t\t<td align=\"right\"><a href=\"rules.html?ruleset_id=$ruleset_id&rule_type=$row2->{rule_type}\">$row2->{rule_type}</a></td>\n";
			print "\t\t<td align=\"left\">$row2->{rule_name_short}</td>\n";
			print "\t\t<input type=\"hidden\" name=\"rule_name\" value=\"$row2->{rule_name}\">\n";
			print "\t\t<td><input type=\"text\" name=\"rule_value\" size=\"8\" style=\"text-align: right\" value=\"$row2->{rule_value}\" /></td>\n";
			print "\t\t<td>$row2->{notes}</td>\n";
			print "\t\t<td><input type=\"image\" src=\"update.png\" alt=\"Update\"></td>\n";
			#print "\t\t<td><input type=\"image\" src=\"delete.gif\" alt=\"Delete\"></td>\n";
			print "\t\t</form>\n";
			print "\t<tr>\n";
		}
	}
?>
</body>
</html>
